Dustin Shiver of the Node Security Project reports: The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. Source: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion Upstream bug: https://github.com/visionmedia/node-querystring/issues/104 CVE request: http://openwall.com/lists/oss-security/2014/09/24/1
Jinx. :-) *** This bug has been marked as a duplicate of bug 1146054 ***
Nice report though.